Tweet This

Last week
Microsoft surprised everyone by following Windows 8 with Windows 10. Questionable numeracy aside, having spent some time with the new OS (review coming later this week) I’ve been fairly impressed. One thing that has shocked me, however, is the genuinely jaw dropping level of invasion in the Windows 10 privacy policy and it deserves wider airing.

Here are the key paragraphs:

"Microsoft collects information about you, your devices, applications and networks, and your use of those devices, applications and networks. Examples of data we collect include your name, email address, preferences and interests; browsing, search and file history; phone call and
SMS data; device configuration and sensor data; and application usage."

While it sounds scary, this initial paragraph is actually fairly standard and similar to what many companies will write but it only lays the groundwork for how Microsoft can go about that. The most unnerving?

[When you] "use voice input features like speech-to-text, we may collect voice information and use it for purposes such as improving speech processing."

In short: Microsoft can record you and anything you say without warning. In light of the Xbox One controversy about an always listening console this is Microsoft returning to dangerous ground. And yet the killer clauses are still to come:

1. “[When you] open a file, we may collect information about the file, the application used to open the file, and how long it takes and use it for purposes such as improving performance"

2. “[When you] enter text, we may collect typed characters and use them for purposes such as improving autocomplete and spellcheck features."

In short: Microsoft can view your existing files and keylog everything you type when you create new ones. Use Windows 10 and you are agreeing to give access to all your data to the company.

Yes this is an operating system which can listen to everything you say, read everything you own and track everything you write and click.

So what does all this mean? The most important point to make is: just because Microsoft has given itself the right to do these things does not mean it will do them to snoop on files, record personal conversations and keylog everything you do. In fact I’d be shocked if it did. The lawsuits would pile up.

Instead what you are seeing is Microsoft giving itself all the freedoms it believes it needs to effectively analyse how testers are using the Windows 10 Technical Preview so it can be improved quickly in meaningful ways. I’m also sure the retail version of Windows 10 will tone down the level of invasion permitted.

It doesn’t need to be this way. Just because privacy agreements are long, tedious and widely unread does not mean they should be impenetrable and intimidating. It wouldn't take long to re-write this privacy agreement in human terms that make it sound far less Orwellian and give it far greater prominence so users are not caught off guard. How about this simple heads-up:

"Attention: Windows 10 Technical Preview is a test platform which will capture your data, voice and keyboard interaction. It will not share your data with third parties and all information we take will be deleted at the end of the test period. The retail version of Windows 10 will not have similar requests."

Of course the counter argument is '[Insert company] is just as bad/worse' but that really isn't the point. Microsoft can do better and the development strategy of Windows 10 shows the company is keen to please its users and keep them involved every step of the way. Better clarity and greater prominence for its Technical Preview privacy terms would be a good start.

Update: Microsoft has made a statement to WinBeta saying: "The Windows 10 Technical Preview is a pre-release build of the OS designed for testing, evaluation and feedback. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. For example, all data sent from the Windows 10 Technical Preview to Microsoft is encrypted in transit and we store the personal information you provide on computer systems that have limited access and are in controlled facilities.

Once you download Tech Preview and become a member of the Windows Insider Program, you provide information about how you use the product, including what devices you use it with, along with your detailed feedback to make adjustments before we launch the product."

This is a worthwhile clarification, but again far from plain language. Ultimately Microsoft can request any permissions it likes, but both the prominence of them and the clarity of their wording must be improved.

I am an experienced freelance technology journalist. I have written for Wired, The Next Web, TrustedReviews, The Guardian and the BBC in addition to Forbes. I began in b2b print journalism covering tech companies at the height of the dot com boom and switched to covering con...